I have it working. The filter approach is actually the silmpler way to
deal with the requirement, I don't even have to leverage the crypt
bypass flag. I just check if the message to be written is the
StartTlsResponse one, and if so, I 'jump' over the SslFilter:
public void filterWrite(NextFilter nextFilter, IoSession session,
WriteRequest writeRequest) throws Exception {
if ( writeRequest.getOriginalMessage() instanceof
StartTlsResponse )
{
// We need to bypass the SslFilter
IoFilterChain chain = session.getFilterChain();
for ( IoFilterChain.Entry entry : chain.getAll() )
{
IoFilter filter = entry.getFilter();
if ( filter instanceof SslFilter )
{
entry.getNextFilter().filterWrite( session,
writeRequest );
}
}
}
else
{
nextFilter.filterWrite(session, writeRequest);
}
}
Note: I set up the SslFilter first in the chain, immediately followed by
the StartTLS filter:
chain.addFirst( "startTls", startTlsFilter );
chain.addFirst( "sslFilter", sslFilter );
Simple, easy.
Thanks Jonathan !
On 20/01/2022 18:22, Emmanuel Lécharny wrote:
On 20/01/2022 13:25, Jonathan Valliere wrote:
The old method was unsafe from a concurrency standpoint. This
switching logic should be in a filter.
Agreed. StartTLS is by itself very intrusive and I think it deserves to
be made a MINA filter, instead of expecting MINA to be twisted in a way
that is not natural.
Actually, with such a filter, we wouldn't even require the flag you have
added as a substitute for the session attribute.
Thanks Jonathan !
--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
